Apparatus and method for filtering IP packet in mobile communication terminal

ABSTRACT

An apparatus and a method for filtering an Internet Protocol (IP) packet in a mobile communication terminal are provided. The method includes receiving an IP packet from a network, determining whether the received IP packet is an IP packet unallowable by an application Central Processing Unit (CPU), when the received IP packet is determined to be an IP packet unallowable by the application CPU, generating an IP packet indicating that the received IP packet is unallowable, and transmitting the generated IP packet to the network.

PRIORITY

This application claims the benefit under 35 U.S.C. §119(a) of a Koreanpatent application filed in the Korean Intellectual Property Office onApr. 7, 2010 and assigned Serial No. 10-2010-0031702, the entiredisclosure of which is hereby incorporated by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an apparatus and a method for filteringan Internet Protocol (IP) packet in a mobile communication terminal.More particularly, the present invention relates to an apparatus and amethod for reducing unnecessary current consumption through IP packetfiltering in an always-on mobile communication terminal including twoCentral Processing Units (CPUs).

2. Description of the Related Art

Recently, the number of mobile apparatuses using a high performance openOperating System (OS) including two CPUs is increasing. Such mobileapparatuses are characterized by always-on operation that maintains anopen data session in order to support functions such as a Voice overInternet Protocol (VoIP), a mobile messenger, a push mail, etc.

A terminal using a Wideband Code Division Multiple Access (WCDMA) systemis allocated an IP address from a service provider network. In mostcases, the allocated IP address is a public IP. An always-on terminalthat has been allocated a public IP is exposed to an undesiredTransmission Control Protocol (TCP) connection request from an externalnetwork. The terminal is connected to a radio channel due to introducedIP packets at this point, and causes current consumption. In addition,for push mail, a push mail application releases a radio channel afterpacket transmission ends, but when a radio channel is connected due toIP packets introduced by the undesired TCP connection request, an entitythat releases the radio channel does not exist and so additional currentconsumption occurs until a network timer ends.

An IP packet introduction scenario of an always-on terminal includingtwo CPUs according to the conventional art is described below. After aPacket Data Protocol (PDP) context is generated, a terminal and a mobilenetwork enter a Radio Resource Control (RRC) idle state. In this RRCidle state, when an IP packet for a TCP connection request is introducedto the mobile network from an external server, the mobile networktransmits a Packet Switched (PS) paging message to the terminal.Accordingly, the terminal and the mobile network transition to an RRCconnected state. In this RRC connected state, the mobile networktransmits an IP packet introduced from the external server to theterminal, and a modem of the terminal transfers an IP packet receivedfrom the mobile network to an application CPU of the terminal A TCPstack of the application CPU side of the terminal determines that therelevant IP packet is an IP packet for an undesired TCP connectionrequest and transmits an IP packet for TCP reset to the external servervia the mobile network, thereby rejecting a TCP connection request fromthe external server. The terminal and the mobile network maintain RRCconnection state for one minute generally until a timer of the mobilenetwork ends.

As described above, since a TCP stack exists at an application CPU sidein an always-on terminal including two CPUs, an IP packet introducedfrom an external server is transferred to the application CPU withoutfiltering, and an RRC connection is not immediately released even afterTCP connection request rejection and maintained until the RRC connectionis ended by a mobile network, and so current consumption occurscontinuously.

SUMMARY OF THE INVENTION

Aspects of the present invention are to address at least theabove-mentioned problems and/or disadvantages and to provide at leastthe advantages described below. Accordingly, an aspect of the presentinvention is to provide an apparatus and a method for filtering anInternet Protocol (IP) packet in a mobile communication terminal.

Another aspect of the present invention is to provide an apparatus and amethod for reducing unnecessary current consumption through IP packetfiltering in an always-on mobile communication terminal including twoCentral Processing Units (CPUs).

Another aspect of the present invention is to provide an apparatus and amethod for preventing occurrence of continuous current consumption byallowing a modem of a terminal to filter a relevant IP packet when anundesired IP packet is introduced from an external server, andimmediately instructing a mobile network to release a Radio ResourceControl (RRC) connection in an always-on mobile communication terminalincluding two CPUs.

Another aspect of the present invention is to provide an apparatus and amethod for allowing a modem to manage an allowable/unallowableTransmission Control Protocol/User Datagram Protocol (TCP/UDP) portusing a white/black list and filtering an IP packet introduced from anexternal server using the white/black list in an always-on mobilecommunication terminal including two CPUs.

In accordance with an aspect of the present invention, a method forfiltering an IP packet in a modem of a mobile communication terminal isprovided. The method includes receiving an IP packet from a network,determining whether the received IP packet is an IP packet unallowableby an application CPU, and when the received IP packet is determined tobe an IP packet unallowable by the application CPU, generating an IPpacket indicated that the received IP packet is unallowable andtransmitting the generated IP packet to the network.

In accordance with another aspect of the present invention, an apparatusfor filtering an IP packet in a mobile communication terminal isprovided. The apparatus includes a stack for receiving a packet from anetwork, and for transmitting a packet to the network, and a modem forreceiving an IP packet from the network via the stack, for determiningwhether the received IP packet is an IP packet unallowable by anapplication CPU, for generating, when the received IP packet isdetermined to be an IP packet unallowable by the application CPU, an IPpacket indicating that the received IP packet is unallowable, and fortransmitting the generated IP packet to the network via the stack.

In accordance with another aspect of the present invention, a method forfiltering an IP packet in a mobile communication system is provided. Themethod includes transmitting, at a network, an IP packet received froman external server and directed to a terminal, to a modem of theterminal, determining, at the modem of the terminal, whether the IPpacket received from the network is an IP packet unallowable by anapplication CPU, when the received IP packet is determined to be an IPpacket unallowable by the application CPU, generating, at the modem ofthe terminal, an IP packet indicating that the received IP packet isunallowable and transmitting the same to the network, and transmitting,at the network, the generated IP packet indicating that the IP packet isunallowable to the external server.

In accordance with another aspect of the present invention, a system forfiltering an IP packet is provided. The system includes a network fortransmitting a first IP packet received from an external sever anddirected to a terminal, and for transmitting a second IP packet receivedfrom terminal indicating that the first IP packet received by theterminal is unallowable to the external server, and a modem of theterminal for determining whether the first IP packet received from thenetwork is an IP packet unallowable by an application CPU of theterminal, for generating, when the received first IP packet isdetermined to be an IP packet unallowable by an application CPU thesecond IP packet indicating that the received first IP packet isunallowable, and for transmitting the generated second IP packet to thenetwork.

Other aspects, advantages, and salient features of the invention willbecome apparent to those skilled in the art from the following detaileddescription, which, taken in conjunction with the annexed drawings,discloses exemplary embodiments of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other aspects, features, and advantages of certainexemplary embodiments of the present invention will be more apparentfrom the following description taken in conjunction with theaccompanying drawings, in which:

FIG. 1 is a block diagram illustrating a structure of a mobilecommunication system and an apparatus of a mobile communication terminalaccording to an exemplary embodiment of the present invention;

FIG. 2 is a flowchart illustrating a method for filtering an InternetProtocol (IP) packet received from a mobile network in a modem of amobile communication terminal according to an exemplary embodiment ofthe present invention;

FIG. 3 is a flowchart illustrating a method for transmitting an IPpacket to a terminal in a mobile network according to an exemplaryembodiment of the present invention;

FIG. 4 is a view of a signal flow illustrating a method for filtering anIP packet in a mobile communication terminal according to an exemplaryembodiment of the present invention; and

FIG. 5 is a view of a signal flow illustrating a method for filtering anIP packet in a mobile communication terminal according to an exemplaryembodiment of the present invention.

Throughout the drawings, like reference numerals will be understood torefer to like parts, components and structures.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

The following description with reference to the accompanying drawings isprovided to assist in a comprehensive understanding of exemplaryembodiments of the invention as defined by the claims and theirequivalents. It includes various specific details to assist in thatunderstanding, but these are to be regarded as merely exemplary.Accordingly, those of ordinary skill in the art will recognize thatvarious changes and modifications of the embodiments described hereinmay be made without departing from the scope and spirit of theinvention. Also, descriptions of well-known functions and constructionsare omitted for clarity and conciseness.

The terms and words used in the following description and claims are notlimited to the bibliographical meanings, but are merely used by theinventor to enable a clear and consistent understanding of theinvention. Accordingly, it should be apparent to those skilled in theart that the following description of exemplary embodiments of thepresent invention are provided for illustration purposes only and notfor the purpose of limiting the invention as defined by the appendedclaims and their equivalents.

It is to be understood that the singular forms “a,” “an,” and “the”include plural referents unless the context clearly dictates otherwise.Thus, for example, reference to “a component surface” includes referenceto one or more of such surfaces.

By the term “substantially” it is meant that the recited characteristic,parameter, or value need not be achieved exactly, but that deviations orvariations, including for example, tolerances, measurement error,measurement accuracy limitations and other factors known to skill in theart, may occur in amounts that do not preclude the effect thecharacteristic was intended to provide.

Exemplary embodiments of the present invention provide an alternativefor filtering an Internet Protocol (IP) packet in a mobile communicationterminal. In the following description, though an always-on WirelessCode Division Multiple Access (WCDMA) mobile communication terminalincluding two Central Processing Units (CPUs) is described, exemplaryembodiments of the present invention are applicable to all always-onmobile communication terminals where a Transmission Control Protocol(TCP) stack exists on an application CPU side.

FIG. 1 is a block diagram illustrating a structure of a mobilecommunication system and an apparatus of a mobile communication terminalaccording to an exemplary embodiment of the present invention.

As illustrated, the mobile communication terminal 100 includes anapplication CPU 110, a socket 112, a TCP/IP stack 114, a driver 116, aDual-Ported Random Access Memory (DPRAM) 120, a WCDMA stack 130, a modem132, and a driver 134. The mobile communication terminal 100 may includeadditional units. Similarly, the functionality of two or more of theabove units may be integrated into a single component. Some of thecomponents of the mobile communication terminal may be implemented insoftware or as a combination of hardware and software elements, whileother components would be understood as implemented as hardwarecomponents. For example, the application CPU may include a hardwaremicroprocessor that executes an application. Similarly, the modem 132would be understood as including hardware to generate and receivesignals corresponding to packets, and software for interpreting andmanipulating those signals.

Referring to FIG. 1, the WCDMA stack 130 provides a WCDMA packetintroduced from a mobile network 140 to the modem 132, and transmits aWCDMA packet from the modem 132 to the mobile network 140.

The modem 132 filters an IP packet that needs to be transferred to theapplication CPU 110 from WCDMA packets provided from the WCDMA stack130, and provides the filtered IP packet to the driver 134. Whenreceiving an IP packet unallowable by the application CPU 110 from themobile network 140 via the WCDMA stack 130, the modem 132 generates anIP packet indicating that the relevant IP packet is unallowable andtransmits the IP packet to the mobile network 140 via the WCDMA stack130. The modem 132 immediately generates a Radio Resource Control (RRC)connection release indicate message indicating a release of an RRCconnection and transmits the RRC connection release indicate message tothe mobile network 140 via the WCDMA stack 130. Although not shown, themobile network 140 includes a base station, a base station controller,router, and other elements. The functions disclosed as performed by themobile network 140 may be performed by any one or a combination of thedevices in the mobile network 140. When receiving an IP packet directedto the mobile communication terminal 100 from an external server 150,the mobile network 140 transfers the relevant IP packet to the terminal100.

The driver 134 records an IP packet received from the modem 132 on aDPRAM 120, and reads the DPRAM 120 to provide a packet corresponding tothe read result to the modem 132. The DPRAM 120 is a memory shared bythe application CPU 110 and the modem 132 and may record/write in twodirections. The driver 116 reads the DPRAM 120 to provide an IP packetcorresponding to the read result to the TCP/IP stack 114, and records apacket provided from the TCP/IP stack 114 on the DPRAM 120.

The TCP/IP stack 114 provides an IP packet provided from the driver 116to the socket 112, and provides a packet provided from the socket 112 tothe driver 116.

The socket 112 serves as an interface for a TCP/IP layer, manages aTCP/IP destination/source port number or a TCP/IP destination/sourceaddress determined in advance, provides an IP packet having a relevantport number or address among IP packets provided from the TCP/IP stack114 to the application CPU 110, and provides a packet received from theapplication CPU 110 to the TCP/IP stack 114. According to an exemplaryembodiment of the present invention, the socket 112 may provide awhite/black list, which is an allowable/unallowable list of a TCP/UserDatagram Protocol (UDP) port number to the TCP/IP stack 114, in order toprovide the list to the modem 132. The modem 132 may store and managethe white/black list of the TCP/UDP port number and refer to thewhite/black list in filtering IP packets. The application CPU 110processes an IP packet provided from the socket 112.

FIG. 2 is a flowchart illustrating a method for filtering an IP packetreceived from a mobile network in a modem of a mobile communicationterminal according to an exemplary embodiment of the present invention.

Referring to FIG. 2, the modem of the terminal generates a Packet DataProtocol (PDP) context together with the mobile network and then entersan RRC idle state in step 201.

The modem determines whether a Packet Switched (PS) paging message isreceived from the mobile network in step 203. The PS paging messagedenotes a message indicating that an IP packet is scheduled to betransmitted and instructing to set an RRC connection.

When the modem detects a PS paging message in step 203, the modem setsan RRC connection to transition to an RRC connection state together withthe mobile network in step 205.

The modem determines whether an IP packet is received from the mobilenetwork in step 207. When the modem detects an IP packet in step 207,the modem determines whether the received IP packet is an unallowable IPpacket in step 209. For example, when the modem receives an IP packet(TCP sync request packet) requesting an undesired TCP connection or aUDP packet having an unallowable port number from an external server viathe mobile network, the modem may determine that the relevant IP packetis an unallowable IP packet.

When the modem determines that the received IP packet is an allowable IPpacket in step 209, the modem transfers the received IP packet to theapplication CPU in step 217, and ends the algorithm.

When the modem determines that the received IP packet is an unallowableIP packet in step 209, the modem generates an IP packet indicating thatthe received IP packet is unallowable and transmits the IP packet to themobile network in step 211. For example, where the received IP packet isan IP packet (TCP sync request packet) requesting an undesired TCPconnection, the modem may generate an IP packet (TCP reset packet)ending a TCP connection and transmit the TCP reset packet to the mobilenetwork. Alternatively, where the received IP packet is a UDP packethaving an unallowable port number, the modem may generate an InternetControl Message Protocol (ICMP) packet (ICMP destination unreachablepacket) indicating that the relevant port is not used and transmit theICMP packet to the mobile network.

The modem generates an RRC connection release indicate message(signaling connection release indication message) indicating an RRCconnection release and transmits the RRC connection release indicatemessage to the mobile network in step 213. The modem transitions to anRRC idle state together with the mobile network by releasing the RRCconnection in step 215.

FIG. 3 is a flowchart illustrating a method for transmitting an IPpacket to a terminal in a mobile network according to an exemplaryembodiment of the present invention.

Referring to FIG. 3, the mobile network generates a PDP context togetherwith the terminal and enters an RRC idle state in step 301.

The mobile network determines whether an IP packet directed to theterminal is received from an external server in step 303.

When the mobile network detects an IP packet directed to the terminal instep 303, the mobile network generates a PS paging message and transmitsthe PS paging message to the terminal in step 305. The PS paging messagedenotes a message indicating that an IP packet is scheduled to betransmitted and instructing to set an RRC connection.

The mobile network sets an RRC connection to make a transition to an RRCconnection state together with the terminal in step 307, and transfersthe IP packet received from the external server to the terminal in step309.

The mobile network determines whether an IP packet informing that thetransferred IP packet is unallowable is received from the terminal instep 311. For example, the mobile network may receive an IP packet (TCPreset packet) ending a TCP connection or an ICMP packet (ICMPdestination unreachable packet) indicating that a relevant port is notused in response to the IP packet transferred to the terminal.

When the mobile network does not detect the IP packet indicating thatthe transferred IP packet is unallowable in step 311, the mobile networkends the algorithm.

When the mobile network detects the IP packet indicating that thetransferred IP packet is unallowable in step 311, the mobile networktransfers the IP packet informing that the packet is unallowable to theexternal server in step 313.

The mobile network determines whether an RRC connection release indicatemessage (signaling connection release indication message) instructing torelease an RRC connection is received from the terminal in step 315.When the mobile network detects the RRC connection release indicatemessage in step 315, the mobile network releases the RRC connection totransition to an RRC idle state together with the terminal in step 317.

FIG. 4 is a view of a signal flow illustrating a method for filtering anIP packet in a mobile communication terminal according to an exemplaryembodiment of the present invention.

Referring to FIG. 4, a modem 420 of a terminal 400 and a mobile network430 generate a PDP context and enter an RRC idle state in step 401.

An external server 440 generates an IP packet (TCP sync request packet)requesting the terminal 400 to make a TCP connection and transmits theIP packet to the mobile network 430 in step 403.

When the mobile network 430 receives an IP packet directed to theterminal 400 from the external server, the mobile network 430 generatesa PS paging message and transmits the PS paging message to the terminal400 in step 405, sets an RRC connection to transition to an RRCconnection state together with the terminal 400 in step 407, andtransfers the IP packet received from the external server 440 to themodem 420 of the terminal 400 in step 409.

When the modem 420 receives an IP packet from the mobile network 430,the modem 420 of the terminal 400 determines whether the received IPpacket is an IP packet (TCP sync request packet) requesting an undesiredTCP connection. When the modem 420 determines that the received IPpacket is an IP packet requesting an undesired TCP connection, the modem420 generates an IP packet (TCP reset packet) ending a TCP connectionand transmits the IP packet to the mobile network 430 in step 411.Although not shown, when the modem 420 determines that the received IPpacket is not an IP packet requesting an undesired TCP connection, themodem 420 of the terminal 400 transmits the received IP packet to theapplication CPU 410 of the terminal 400.

When the mobile network 430 receives an IP packet (that is, a TCP resetpacket) corresponding to an IP packet (that is, a TCP sync requestpacket) transferred in advance from the modem 420 of the terminal 400,the mobile network 430 transfers the received IP packet (that is, theTCP reset packet) to the external server 440 in step 413.

The modem 420 that has transmitted the IP packet (TCP reset packet)ending the TCP connection to the mobile network 430 generates an RRCconnection release indicate message (signaling connection releaseindication message) instructing to release an RRC connection andtransmits the RRC connection release indicate message to the mobilenetwork 430 in step 415, and releases the RRC connection to transitionto an RRC idle state together with the mobile network 430 in step 417.

The modem 420 may determine whether the received IP packet is an IPpacket (TCP sync request packet) requesting a TCP connection by decodinga TCP header of the IP packet received from the mobile network 430. Inthe case where a TCP header of an IP packet includes a 1-bitSynchronization (SYN) flag requesting a TCP connection, for example, theSYN flag is set to ‘1’, the modem 420 of the terminal 400 may determinethat the received IP packet is an IP packet (TCP sync request packet)requesting a TCP connection.

In addition, where the TCP header of an IP packet includes a 1-bit Reset(RST) flag ending a TCP connection, the modem 420 of the terminal 400may set the RST flag to ‘1’ to generate an IP packet (TCP reset packet)ending a TCP connection.

FIG. 5 is a view of a signal flow illustrating a method for filtering anIP packet in a mobile communication terminal according to an exemplaryembodiment of the present invention.

Referring to FIG. 5, during data connection or when a terminal boots, anapplication CPU 510 of the terminal 500 provides a white/black list,that is, an allowable/unallowable list of a TCP/UDP port number to amodem 520 of the terminal 500. The modem 520 of the terminal 500 storesand manages the white/black list of the TCP/UDP port number in step 501.A Voice over IP (VoIP) that uses a Session Initiation Protocol (SIP), avideo telephony, instant messaging, etc. transfers call setup signalingor message via a UDP port. An IP packet having a TCP/UDP port numberreserved in advance should be transferred to the application CPU. Forthis purpose, the application CPU 510 provides a white/black list of aTCP/UDP port number to the modem 520 for use when filtering an IPpacket.

A white/black list of a TCP/UDP port number that the application CPU 510provides to the modem 520 may have a structure as illustrated in Table 1below.

TABLE 1 Protocol White/Black Source Port Destination Port 0 = UDP 0 =White Integer Integer 1 = TCP 1 = Black

After generating a PDP context, the modem 520 of the terminal 500 andthe mobile network 530 enter an RRC idle state in step 503.

An external server 540 generates a UDP packet to be transmitted to theterminal 500 and transmits an IP packet to the mobile network 530 instep 505.

When the mobile network 530 receives an IP packet directed to theterminal 500 from the external server 540, the mobile network 530generates a PS paging message and transmits the PS paging message to theterminal 500 in step 507, sets an RRC connection to transition to an RRCconnection state together with the terminal 500 in step 509, andtransfers the IP packet received from the external server 540 to themodem 520 of the terminal 500 in step 511.

When the modem 520 receives the IP packet from the mobile network 530,the modem 520 determines whether the received IP packet is a TCP/UDPpacket having a port number unallowable by the application CPU 510 basedon the white/black list of the TCP/UDP port number. When the modem 520determines that the received IP packet is a TCP/UDP packet having theport number unallowable by the application CPU 510, the modem 520deletes the received IP packet in step 513, and generates an ICMP packet(ICMP destination unreachable packet) indicating that a relevant port isnot used and transmits an IP packet to the mobile network 530 in step515. Although not shown, when the modem 520 determines that the receivedIP packet is a TCP/UDP packet having the port number allowable by theapplication CPU 510, the modem 520 transmits the received IP packet tothe application CPU 510.

When the mobile network 530 receives an IP packet (that is, ICMPdestination unreachable packet) corresponding to the IP packet (that is,UDP packet) transferred in advance from the modem 520, the mobilenetwork 530 transmits the received IP packet (that is, ICMP destinationunreachable packet) to the external server 540 in step 517.

The modem 520 generates an RRC connection release indicate message(signaling connection release indication message) instructing to releasean RRC connection and transmits the RRC connection release indicatemessage to the mobile network 530 in step 519, and releases an RRCconnection to transition to an RRC idle state together with the mobilenetwork 530 in step 521.

As described above, the modem 520 of the terminal 500 manages anunallowable/allowable TCP/UDP port number using the white/black list,monitors a received IP packet to block an IP packet having a port numberthat exists on the black list or does not exist on the white list, andtransfers an IP packet having a port number that exists on the whitelist or does not exist on the black list to the application CPU 510.

Since there is a high possibility that packet communication is inprogress while a user operates a terminal via a user interface, the IPpacket filtering of the modem 520 according to exemplary embodiments ofthe present invention may be applicable to only the case where theapplication CPU 510 is in a sleep state.

As described above, in the case where an undesired IP packet isintroduced from an external server in an always-on mobile communicationterminal including two CPUs, a modem of a terminal filters the relevantIP packet, and immediately instructs a mobile network to release an RRCconnection, thereby reducing unnecessary current consumption.

While the invention has been shown and described with reference tocertain exemplary embodiments thereof, it will be understood by thoseskilled in the art that various changes in form and details may be madetherein without departing from the spirit and scope of the invention asdefined by the appended claims and their equivalents.

What is claimed is:
 1. A method for filtering an Internet Protocol (IP)packet in a modem of a mobile communication terminal, the methodcomprising: receiving a paging message from a network in a RadioResource Control (RRC) idle state; when the paging message is received,setting an RRC connection to transition to an RRC connection state;receiving an IP packet from the network; determining whether thereceived IP packet is an IP packet unallowable by an application CentralProcessing Unit (CPU); when the received IP packet is determined to bean IP packet unallowable by the application CPU, generating an IP packetindicating that the received IP packet is unallowable and transmittingthe generated IP packet to the network; generating a message indicatingan RRC connection release and transmitting the message to the network;and releasing the RRC connection to transition to an RRC idle state. 2.The method of claim 1, further comprising, when the received IP packetis determined to be an IP packet allowable by the application CPU,transferring the received IP packet to the application CPU.
 3. Themethod of claim 1, wherein the determining of whether the receiving IPpacket is the unallowable IP packet comprises: determining whether thereceived IP packet is an IP packet requesting an undesired TransmissionControl Protocol (TCP) connection, and wherein the transmitting of theIP packet indicating that the received IP packet is unallowablecomprises, when the received IP packet is an IP packet requesting anundesired TCP connection, generating an IP packet ending a TCPconnection and transmitting the IP packet ending the TCP connection tothe network.
 4. The method of claim 1, wherein the determining ofwhether the received IP packet is the unallowable IP packet comprisesdetermining whether the received IP packet is a Transmission ControlProtocol/User Datagram Protocol (TCP/UDP) packet having a port numberunallowable by the application CPU, and the transmitting of thegenerated IP packet indicating that the received IP packet isunallowable comprises, when the received IP packet is a TCP/UDP packethaving a port number unallowable by the application CPU, generating anInternet Control Message Protocol (ICMP) indicating that a relevant portis not used and transmitting the ICMP packet to the network.
 5. Themethod of claim 4, further comprising: receiving anallowable/unallowable list of TCP/UDP port numbers from the applicationCPU, wherein the determining of whether the received IP packet is aTCP/UDP packet having the port number unallowable by the application CPUis performed based on the received allowable/unallowable list of theTCP/UDP port numbers.
 6. An apparatus for filtering an Internet Protocol(IP) packet in a mobile communication terminal, the apparatuscomprising: a stack for receiving a packet from a network, and fortransmitting a packet to the network; and a modem for receiving anInternet Protocol (IP) packet from the network via the stack, fordetermining whether the received IP packet is an IP packet unallowableby an application Central Processing Unit (CPU), for generating, whenthe received IP packet is determined to be an IP packet unallowable bythe application CPU, an IP packet indicating that the received IP packetis unallowable, and for transmitting the generated IP packet to thenetwork via the stack, wherein before receiving the IP packet, the modemreceives a paging message from the network via the stack in an RRC idlestate, and when the modem receives the paging message, the modem sets anRRC connection to transition to an RRC connection state; and whereinafter transmitting the generated IP packet, the modem generates amessage indicating an RRC connection release and transmits the messageto the network via the stack, and releases the RRC connection totransition to the RRC idle state.
 7. The apparatus of claim 6, whereinwhen the modem determines that the received IP packet is an IP packetallowable by the application CPU, the modem transfers the received IPpacket to the application CPU.
 8. The apparatus of claim 6, wherein themodem determines whether the received IP packet is a TransmissionControl Protocol (TCP) sync request packet requesting an undesired TCPconnection, and when the received IP packet is the TCP sync requestpacket requesting the undesired TCP connection, the modem generates aTCP reset packet ending a TCP connection and transmits the TCP resetpacket to the network via the stack.
 9. The apparatus of claim 6,wherein the modem determines whether the received IP packet is aTransmission Control Protocol/User Datagram Protocol (TCP/UDP) packethaving a port number unallowable by the application CPU, and when thereceived IP packet is a TCP/UDP packet having the port numberunallowable by the application CPU, the modem generates an ICMP packetindicating that a relevant port is not used and transmits the ICMPpacket to the network via the stack.
 10. The apparatus of claim 9,further comprising: an application CPU for providing anallowable/unallowable list of TCP/UDP port numbers to the modem, whereinthe modem determines whether the received IP packet is the TCP/UDPpacket having the port number unallowable by the application CPU basedon the allowable/unallowable list of the TCP/UDP port numbers.
 11. Amethod for filtering an Internet Protocol (IP) packet in a mobilecommunication system, the method comprising: receiving a paging messagefrom a network in a Radio Resource Control (RRC) idle state; and whenthe paging message is received, setting an RRC connection to transitionto an RRC connection state transmitting, at the network, an IP packetreceived from an external server and directed to a terminal, to a modemof the terminal; determining, at the modem of the terminal, whether theIP packet received from the network is an IP packet unallowable by anapplication Central Processing Unit (CPU); when the received IP packetis determined to be an IP packet unallowable by the application CPU,generating, at the modem of the terminal, an IP packet indicating thatthe received IP packet is unallowable and transmitting the generated IPpacket to the network; and transmitting, at the network, the generatedIP packet indicating that the IP packet is unallowable to the externalserver; generating a message indicating an RRC connection release andtransmitting the message to the network; and releasing the RRCconnection to transition to an RRC idle state.
 12. A mobilecommunication system for filtering an Internet Protocol (IP) packet, thesystem comprising: a network for transmitting an IP packet received froman external sever and directed to a terminal, and for transmitting an IPpacket received from the terminal indicating that the received IP packetis unallowable to the external server; and a modem of the terminal fordetermining whether an IP packet received from the network is an IPpacket unallowable by an application Central Processing Unit (CPU) ofthe terminal, for generating, when the received IP packet is determinedto be an IP packet unallowable by an application CPU, the IP packetindicating that the received IP packet is unallowable, and fortransmitting the generated IP packet to the network, wherein beforereceiving the IP packet, the modem receives a paging message from thenetwork via the stack in an RRC idle state, and when the modem receivesthe paging message, the modem sets an RRC connection to transition to anRRC connection state; and wherein after transmitting the generated IPpacket, the modem generates a message indicating an RRC connectionrelease and transmits the message to the network via the stack, andreleases the RRC connection to transition to the RRC idle state.